U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Managing Information Security Risk: Organization, Mission, and Information System View

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission and Information System View. This publication was developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST, and the Committee on National Security Systems. SP 800-39 provides a structured, yet flexible approach for managing risk that is supported by other NIST security standards and guidelines. The bulletin discusses the contents of the publication, explains the basic concepts and components of risk management, and describes a three-tiered risk management approach that allows organizations to establish an enterprise-wide risk management strategy as part of their governance structure. References are provided to additional sources of information on risk management.
Citation
ITL Bulletin -
NIST Pub Series
ITL Bulletin
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

confidentiality, cyber security, enterprise architecture, Federal Information Processing Standards, Federal Information Security Management Act, FISMA, information security, information security architecture, information security risk, information systems, Joint Task Force Transformation Initiative, NIST Special Publications, risk assessments, risk management, Risk Management Framework, security controls, security plans, security requirements, security risks, threats, vulnerabilities
Information technology and Cybersecurity

Citation

Radack, S. (2011), Managing Information Security Risk: Organization, Mission, and Information System View, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=908207 (Accessed January 4, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created March 22, 2011, Updated January 27, 2020